Bug 103167

Summary: UBSAN error since g:05f40bc4c116ba48843728201bc7290a5e518598
Product: gcc Reporter: Martin Liška <marxin>
Component: libbacktraceAssignee: Martin Liška <marxin>
Status: RESOLVED FIXED    
Severity: normal CC: ian
Priority: P3    
Version: 12.0   
Target Milestone: 12.0   
Host: Target:
Build: Known to work:
Known to fail: Last reconfirmed: 2021-11-10 00:00:00
Bug Depends on:    
Bug Blocks: 63426    

Description Martin Liška 2021-11-10 10:28:48 UTC 
Originally reported here:
https://sourceware.org/bugzilla/show_bug.cgi?id=28569

```
UBSAN error: /home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3835:29: 
The following fails when I build binutils with:
configure --build=x86_64-linux --disable-gdb --disable-gdbserver --enable-obsolete --target=aarch64-elf CFLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" CXXLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" LDFLAGS="-ldl"
Target: aarch64-elf
FAIL: symver symver14
Executing on host: sh -c {../as-new   /home/mliska/Programming/binutils-gdb/gas/testsuite/gas/symver/symver15.s 2>&1}  /dev/null dump.out (timeout = 300)
/home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3835:29: runtime error: left shift of 251 by 24 places cannot be represented in type 'int'

```
Comment 1 Martin Liška 2021-11-10 10:30:08 UTC 
And one more related ASAN error related to the same revision:

UBSAN error: /home/mliska/Programming/binutils-gdb/libbacktrace/xztest.c:175:13: 
The following fails when I build binutils with:
configure --build=x86_64-linux --disable-gdb --disable-gdbserver --enable-obsolete --target=aarch64-elf CFLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" CXXLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" LDFLAGS="-ldl"
Target: aarch64-elf
FAIL: symver symver14
Executing on host: sh -c {../as-new   /home/mliska/Programming/binutils-gdb/gas/testsuite/gas/symver/symver15.s 2>&1}  /dev/null dump.out (timeout = 300)
/home/mliska/Programming/binutils-gdb/libbacktrace/xztest.c:175:13: runtime error: null pointer passed as argument 2, which is declared to never be null
Comment 2 Martin Liška 2021-11-10 10:30:49 UTC 
> And one more related ASAN error related to the same revision:

This one is also UBSAN error.
Comment 3 Martin Liška 2021-11-10 10:31:44 UTC 
And the last one I see:

UBSAN error: /home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3178:26: 
The following fails when I build binutils with:
configure --build=x86_64-linux --disable-gdb --disable-gdbserver --enable-obsolete --target=aarch64-elf CFLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" CXXLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" LDFLAGS="-ldl"
Target: aarch64-elf
FAIL: symver symver14
Executing on host: sh -c {../as-new   /home/mliska/Programming/binutils-gdb/gas/testsuite/gas/symver/symver15.s 2>&1}  /dev/null dump.out (timeout = 300)
/home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3178:26: runtime error: left shift of 163 by 24 places cannot be represented in type 'int'
Comment 4 Andrew Pinski 2021-11-10 10:37:01 UTC 
(In reply to Martin Liška from comment #3)
> /home/mliska/Programming/binutils-gdb/libbacktrace/elf.c:3178:26: runtime
> error: left shift of 163 by 24 places cannot be represented in type 'int'

diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
index 79d56146fc6..2cb25883975 100644
--- a/libbacktrace/elf.c
+++ b/libbacktrace/elf.c
@@ -3175,7 +3175,7 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
   stream_crc = (compressed[off]
                | (compressed[off + 1] << 8)
                | (compressed[off + 2] << 16)
-               | (compressed[off + 3] << 24));
+               | (((unsigned)compressed[off + 3]) << 24));
   if (unlikely (computed_crc != stream_crc))
     {
       elf_uncompress_failed ();


There is a few more in that file which are similar and needs the same.
Comment 5 Andrew Pinski 2021-11-10 10:39:06 UTC 
(In reply to Martin Liška from comment #1)
> /home/mliska/Programming/binutils-gdb/libbacktrace/xztest.c:175:13: runtime
> error: null pointer passed as argument 2, which is declared to never be null

diff --git a/libbacktrace/xztest.c b/libbacktrace/xztest.c
index b2533cb1804..a42bc59efd8 100644
--- a/libbacktrace/xztest.c
+++ b/libbacktrace/xztest.c
@@ -172,7 +172,7 @@ test_samples (struct backtrace_state *state)
                       tests[i].name, uncompressed_len, v);
              ++failures;
            }
-         else if (memcmp (tests[i].uncompressed, uncompressed, v) != 0)
+         else if (v && memcmp (tests[i].uncompressed, uncompressed, v) != 0)
            {
              size_t j;
Comment 6 Martin Liška 2021-11-10 13:53:10 UTC 
Andrew, are you planning sending a patch candidate for this, please?
Comment 7 Andrew Pinski 2021-11-10 13:57:32 UTC 
(In reply to Martin Liška from comment #6)
> Andrew, are you planning sending a patch candidate for this, please?

I doubt it, I have so many other things on my plate right now.
Comment 8 Martin Liška 2021-11-10 14:49:52 UTC 
(In reply to Andrew Pinski from comment #7)
> (In reply to Martin Liška from comment #6)
> > Andrew, are you planning sending a patch candidate for this, please?
> 
> I doubt it, I have so many other things on my plate right now.

All right, lemme finish the patch.
Comment 9 GCC Commits 2021-11-12 14:07:33 UTC 
The master branch has been updated by Martin Liska <marxin@gcc.gnu.org>:

https://gcc.gnu.org/g:83310a08a2bc52b6e8c3a3e3216b4e723e58c961

commit r12-5197-g83310a08a2bc52b6e8c3a3e3216b4e723e58c961
Author: Martin Liska <mliska@suse.cz>
Date:   Fri Nov 12 14:50:57 2021 +0100

    libbacktrace: fix UBSAN issues
    
    Fix issues mentioned in the PR.
    
            PR libbacktrace/103167
    
    libbacktrace/ChangeLog:
    
            * elf.c (elf_uncompress_lzma_block): Cast to unsigned int.
            (elf_uncompress_lzma): Likewise.
            * xztest.c (test_samples): memcpy only if v > 0.
Comment 10 Martin Liška 2021-11-12 14:08:12 UTC 
Fixed.